PDQ security

We know how important the security of our products is. We're a bunch of former sysadmins ourselves. That’s why every decision we make revolves around ensuring our products are safe to use for managing your devices.

Blue lock illustration
Blue lock illustration

Our mission is to make device management simple, secure, and pretty damn quick.

We use a blend of top-tier security measures and evaluations of our applications, systems, and networks to safeguard your data — guaranteed.


At PDQ we take pride in our commitment to security. That’s why we adhere to industry standard security practices and policies, backed up by a handful of compliance certifications and attestations.


We are in process or already compliant with the following security frameworks:

Data privacy and protection

We are compliant with the following data privacy and protection frameworks:

Operational security

As a company made up of former sysadmins, we absolutely get the significance of security. That's why we're always in the loop with the latest security practices and industry standards.

System access

PDQ enforces a role-based access control (RBAC) policy over defined subjects and objects. PDQ controls access based upon defined roles and users authorized to assume such roles. By doing so, PDQ ensures that user access to in-scope system components is based on job role and function.

PDQ ensures that, at minimum, the RBAC policy establishes and enforces RBAC on the following elements:

  • Core business suite

  • Software development system

  • Cloud service providers (CSPs)

  • Other business-critical systems

Vulnerability protection

PDQ has established a vulnerability monitoring and scanning program designed to monitor and scan for internal and external vulnerabilities in systems and hosted applications at least weekly (or more randomly) to identify, quantify, and prioritize vulnerabilities. PDQ also identifies and implements code analysis tools in the organization’s development pipeline to regularly scan both static and dynamic codebases to check for vulnerabilities. Processes ensure that the scope of any vulnerability is defined and documented prior to the initiation of a vulnerability assessment.

PDQ also ensures that all findings from vulnerability scans are analyzed and documented on a weekly basis and remediated in accordance with the organization's risk tolerance. PDQ shares information obtained from the vulnerability monitoring process and control assessments with key stakeholders to help eliminate similar vulnerabilities in other systems.

Employee training

All PDQ employees are required to complete mandatory security training on a regular basis. This includes (but is not limited to) training on the following topics:

  • Social engineering

  • Phishing

  • Physical security

  • Mobile device security

  • Social media use


Below is a listing of the sub-processors we utilize and the purpose for each engagement.

  1. Auth0: Authentication

  2. Chargebee: Payment processing

  3. Cloudflare: Cloud infrastructure

  4. Google Analytics / Adwords: Analytics, metrics, and marketing

  5. Google Cloud: Cloud infrastructure

  6. HubSpot: Customer support

  7. Microsoft Azure: Cloud infrastructure

  8. Microsoft Office 365: Email

  9. MixPanel: Analytics

  10. NewRelic: Service performance monitoring

  11. ProfitWell: Financial analytics

  12. PowerBI: Business intelligence

  13. Sentry: Cloud infrastructure

  14. Sendgrid: Email automation

  15. Salesforce: Customer support

  16. Stripe: Payment processing

  17. Twilio: Cloud infrastructure

  18. UserVoice: Customer support

  19. Zapier: Business automation

  20. ZenDesk: Customer support

Our suite of secure products

While the software solutions we provide at PDQ are not security products in and of themselves, we believe they play a crucial part in the security strategy of any organization — helping sysadmins securely manage devices. Learn more in each product’s in-depth security guide.

Have questions? Contact us.